Merge pull request #5749 from yuhaoth/pr/add-tls13-finished-message-and-wrapup
TLS 1.3: Add Finished Message and wrapup
diff --git a/3rdparty/everest/include/everest/everest.h b/3rdparty/everest/include/everest/everest.h
index 5806500..392e792 100644
--- a/3rdparty/everest/include/everest/everest.h
+++ b/3rdparty/everest/include/everest/everest.h
@@ -96,7 +96,7 @@
void *p_rng );
/**
- * \brief This function parses and processes a TLS ServerKeyExhange
+ * \brief This function parses and processes a TLS ServerKeyExchange
* payload.
*
* This is the first function used by a TLS client for ECDHE
@@ -116,7 +116,7 @@
const unsigned char **buf, const unsigned char *end );
/**
- * \brief This function parses and processes a TLS ServerKeyExhange
+ * \brief This function parses and processes a TLS ServerKeyExchange
* payload.
*
* This is the first function used by a TLS client for ECDHE
diff --git a/CMakeLists.txt b/CMakeLists.txt
index cac13bd..9006c2d 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -8,7 +8,7 @@
# that targets are built using the proper list of include directories.
# + Use the PUBLIC and PRIVATE keywords to specify the scope of include
# directories. That way, a target linking to a library (using the
-# target_link_librairies command) inherits from the library PUBLIC include
+# target_link_libraries command) inherits from the library PUBLIC include
# directories and not from the PRIVATE ones.
# - MBEDTLS_TARGET_PREFIX: CMake targets are designed to be alterable by calling
# CMake in order to avoid target name clashes, via the use of
diff --git a/ChangeLog.d/psa_raw_key_agreement-buffer_too_small.txt b/ChangeLog.d/psa_raw_key_agreement-buffer_too_small.txt
new file mode 100644
index 0000000..415c849
--- /dev/null
+++ b/ChangeLog.d/psa_raw_key_agreement-buffer_too_small.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * psa_raw_key_agreement() now returns PSA_ERROR_BUFFER_TOO_SMALL when
+ applicable. Fixes #5735.
diff --git a/docs/architecture/psa-migration/strategy.md b/docs/architecture/psa-migration/strategy.md
index d63bb8e..2bb0284 100644
--- a/docs/architecture/psa-migration/strategy.md
+++ b/docs/architecture/psa-migration/strategy.md
@@ -360,7 +360,7 @@
2. APIs the accept list of identifiers: for example
`mbedtls_ssl_conf_curves()` taking a list of `mbedtls_ecp_group_id`s. This
-could be changed to accept a list of pairs (`psa_ecc_familiy_t`, size) but we
+could be changed to accept a list of pairs (`psa_ecc_family_t`, size) but we
should probably take this opportunity to move to a identifier independent from
the underlying crypto implementation and use TLS-specific identifiers instead
(based on IANA values or custom enums), as is currently done in the new
diff --git a/docs/architecture/testing/driver-interface-test-strategy.md b/docs/architecture/testing/driver-interface-test-strategy.md
index 086fc1a..a726c43 100644
--- a/docs/architecture/testing/driver-interface-test-strategy.md
+++ b/docs/architecture/testing/driver-interface-test-strategy.md
@@ -87,7 +87,7 @@
* This must be done for each possible flow, including error cases (e.g. a key creation that fails midway due to `OUT_OF_MEMORY`).
* The recovery during `psa_crypto_init` can itself be interrupted. Test those interruptions too.
* Two things need to be tested: the key that is being created or destroyed, and the driver's persistent storage.
-* Check both that the storage has the expected content (this can be done by e.g. using a key that is supposed to be present) and does not have any unexpected content (for keys, this can be done by checking that `psa_open_key` fails with `PSA_ERRROR_DOES_NOT_EXIST`).
+* Check both that the storage has the expected content (this can be done by e.g. using a key that is supposed to be present) and does not have any unexpected content (for keys, this can be done by checking that `psa_open_key` fails with `PSA_ERROR_DOES_NOT_EXIST`).
This requires instrumenting the storage implementation, either to force it to fail at each point or to record successive storage states and replay each of them. Each `psa_its_xxx` function call is assumed to be atomic.
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 73c50c2..bdc32e1 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -150,24 +150,24 @@
#endif
#if defined(MBEDTLS_PKCS12_C) && !defined(MBEDTLS_CIPHER_C)
-#error "MBEDTLS_PKCS12_C defined, but not all prerequesites"
+#error "MBEDTLS_PKCS12_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PKCS5_C) && (!defined(MBEDTLS_MD_C) || \
!defined(MBEDTLS_CIPHER_C))
-#error "MBEDTLS_PKCS5_C defined, but not all prerequesites"
+#error "MBEDTLS_PKCS5_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PKCS12_C) && !defined(MBEDTLS_MD_C)
-#error "MBEDTLS_PKCS12_C defined, but not all prerequesites"
+#error "MBEDTLS_PKCS12_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PKCS1_V15) && !defined(MBEDTLS_MD_C)
-#error "MBEDTLS_PKCS1_V15 defined, but not all prerequesites"
+#error "MBEDTLS_PKCS1_V15 defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PKCS1_V21) && !defined(MBEDTLS_MD_C)
-#error "MBEDTLS_PKCS1_V21 defined, but not all prerequesites"
+#error "MBEDTLS_PKCS1_V21 defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) && \
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 5225c57..207aed0 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -411,6 +411,38 @@
*/
int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+/**
+ * \brief Tell if context can do the operation given by PSA algorithm
+ *
+ * \param ctx The context to query. It must have been initialized.
+ * \param alg PSA algorithm to check against, the following are allowed:
+ * PSA_ALG_RSA_PKCS1V15_SIGN(hash),
+ * PSA_ALG_RSA_PSS(hash),
+ * PSA_ALG_RSA_PKCS1V15_CRYPT,
+ * PSA_ALG_ECDSA(hash),
+ * PSA_ALG_ECDH, where hash is a specific hash.
+ * \param usage PSA usage flag to check against, must be composed of:
+ * PSA_KEY_USAGE_SIGN_HASH
+ * PSA_KEY_USAGE_DECRYPT
+ * PSA_KEY_USAGE_DERIVE.
+ * Context key must match all passed usage flags.
+ *
+ * \warning Since the set of allowed algorithms and usage flags may be
+ * expanded in the future, the return value \c 0 should not
+ * be taken in account for non-allowed algorithms and usage
+ * flags.
+ *
+ * \return 1 if the context can do operations on the given type.
+ * \return 0 if the context cannot do the operations on the given
+ * type, for non-allowed algorithms and usage flags, or
+ * for a context that has been initialized but not set up
+ * or that has been cleared with mbedtls_pk_free().
+ */
+int mbedtls_pk_can_do_ext( const mbedtls_pk_context *ctx, psa_algorithm_t alg,
+ psa_key_usage_t usage );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
/**
* \brief Verify signature (including padding if relevant).
*
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index c882371..06860e2 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1938,7 +1938,7 @@
*
* \note The two most common use cases are:
* - non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL
- * - blocking I/O, f_recv == NULL, f_recv_timout != NULL
+ * - blocking I/O, f_recv == NULL, f_recv_timeout != NULL
*
* \note For DTLS, you need to provide either a non-NULL
* f_recv_timeout callback, or a f_recv that doesn't block.
@@ -3203,7 +3203,7 @@
*
* \note On client, only the first call has any effect. That is,
* only one client certificate can be provisioned. The
- * server's preferences in its CertficateRequest message will
+ * server's preferences in its CertificateRequest message will
* be ignored and our only cert will be sent regardless of
* whether it matches those preferences - the server can then
* decide what it wants to do with it.
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index 8fb1a21..76e71bf 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -448,9 +448,9 @@
* As an exception, the public exponent 65537 is represented by an empty
* byte string.
* - For DSA keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY or #PSA_KEY_TYPE_DSA_KEY_PAIR),
- * the `Dss-Parms` format as defined by RFC 3279 §2.3.2.
+ * the `Dss-Params` format as defined by RFC 3279 §2.3.2.
* ```
- * Dss-Parms ::= SEQUENCE {
+ * Dss-Params ::= SEQUENCE {
* p INTEGER,
* q INTEGER,
* g INTEGER
@@ -466,9 +466,9 @@
* g INTEGER, -- generator, g
* q INTEGER, -- factor of p-1
* j INTEGER OPTIONAL, -- subgroup factor
- * validationParms ValidationParms OPTIONAL
+ * validationParams ValidationParams OPTIONAL
* }
- * ValidationParms ::= SEQUENCE {
+ * ValidationParams ::= SEQUENCE {
* seed BIT STRING,
* pgenCounter INTEGER
* }
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index 9bbcb34..1024d6b 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -739,7 +739,7 @@
* subjectPublicKey BIT STRING } -- contains DSAPublicKey
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
- * parameters Dss-Parms } -- SEQUENCE of 3 INTEGERs
+ * parameters Dss-Params } -- SEQUENCE of 3 INTEGERs
* DSAPublicKey ::= INTEGER -- public key, Y
*
* - 3 * 4 bytes of SEQUENCE overhead;
diff --git a/library/ccm.c b/library/ccm.c
index e062678..3edfba3 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -99,7 +99,7 @@
#define CCM_STATE__CLEAR 0
#define CCM_STATE__STARTED (1 << 0)
-#define CCM_STATE__LENGHTS_SET (1 << 1)
+#define CCM_STATE__LENGTHS_SET (1 << 1)
#define CCM_STATE__AUTH_DATA_STARTED (1 << 2)
#define CCM_STATE__AUTH_DATA_FINISHED (1 << 3)
#define CCM_STATE__ERROR (1 << 4)
@@ -147,7 +147,7 @@
/* length calulcation can be done only after both
* mbedtls_ccm_starts() and mbedtls_ccm_set_lengths() have been executed
*/
- if( !(ctx->state & CCM_STATE__STARTED) || !(ctx->state & CCM_STATE__LENGHTS_SET) )
+ if( !(ctx->state & CCM_STATE__STARTED) || !(ctx->state & CCM_STATE__LENGTHS_SET) )
return 0;
/* CCM expects non-empty tag.
@@ -260,7 +260,7 @@
ctx->tag_len = tag_len;
ctx->processed = 0;
- ctx->state |= CCM_STATE__LENGHTS_SET;
+ ctx->state |= CCM_STATE__LENGTHS_SET;
return ccm_calculate_first_block_if_ready(ctx);
}
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index 93a7cdc..23ea07b 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -815,7 +815,7 @@
return( 1 ); \
}
-#define SELF_TEST_OUPUT_DISCARD_LENGTH 64
+#define SELF_TEST_OUTPUT_DISCARD_LENGTH 64
/*
* Checkup routine
@@ -841,7 +841,7 @@
(void *) entropy_source_pr,
pers_pr, MBEDTLS_CTR_DRBG_KEYSIZE ) );
mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );
- CHK( mbedtls_ctr_drbg_random( &ctx, buf, SELF_TEST_OUPUT_DISCARD_LENGTH ) );
+ CHK( mbedtls_ctr_drbg_random( &ctx, buf, SELF_TEST_OUTPUT_DISCARD_LENGTH ) );
CHK( mbedtls_ctr_drbg_random( &ctx, buf, sizeof( result_pr ) ) );
CHK( memcmp( buf, result_pr, sizeof( result_pr ) ) );
@@ -866,7 +866,7 @@
(void *) entropy_source_nopr,
pers_nopr, MBEDTLS_CTR_DRBG_KEYSIZE ) );
CHK( mbedtls_ctr_drbg_reseed( &ctx, NULL, 0 ) );
- CHK( mbedtls_ctr_drbg_random( &ctx, buf, SELF_TEST_OUPUT_DISCARD_LENGTH ) );
+ CHK( mbedtls_ctr_drbg_random( &ctx, buf, SELF_TEST_OUTPUT_DISCARD_LENGTH ) );
CHK( mbedtls_ctr_drbg_random( &ctx, buf, sizeof( result_nopr ) ) );
CHK( memcmp( buf, result_nopr, sizeof( result_nopr ) ) );
diff --git a/library/ecdh.c b/library/ecdh.c
index 8be7f19..cc1340c 100644
--- a/library/ecdh.c
+++ b/library/ecdh.c
@@ -399,7 +399,7 @@
}
/*
- * Read the ServerKeyExhange parameters (RFC 4492)
+ * Read the ServerKeyExchange parameters (RFC 4492)
* struct {
* ECParameters curve_params;
* ECPoint public;
diff --git a/library/mps_common.h b/library/mps_common.h
index d20776f..668876c 100644
--- a/library/mps_common.h
+++ b/library/mps_common.h
@@ -51,7 +51,7 @@
* the function's behavior is entirely undefined.
* In addition to state integrity, all MPS structures have a more refined
* notion of abstract state that the API operates on. For example, all layers
- * have a notion of 'abtract read state' which indicates if incoming data has
+ * have a notion of 'abstract read state' which indicates if incoming data has
* been passed to the user, e.g. through mps_l2_read_start() for Layer 2
* or mps_l3_read() in Layer 3. After such a call, it doesn't make sense to
* call these reading functions again until the incoming data has been
diff --git a/library/pk.c b/library/pk.c
index 42ff432..1eab65a 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -232,6 +232,127 @@
return( ctx->pk_info->can_do( type ) );
}
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+/*
+ * Tell if a PK can do the operations of the given PSA algorithm
+ */
+int mbedtls_pk_can_do_ext( const mbedtls_pk_context *ctx, psa_algorithm_t alg,
+ psa_key_usage_t usage )
+{
+ psa_key_usage_t key_usage;
+
+ /* A context with null pk_info is not set up yet and can't do anything.
+ * For backward compatibility, also accept NULL instead of a context
+ * pointer. */
+ if( ctx == NULL || ctx->pk_info == NULL )
+ return( 0 );
+
+ /* Filter out non allowed algorithms */
+ if( PSA_ALG_IS_ECDSA( alg ) == 0 &&
+ PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) == 0 &&
+ PSA_ALG_IS_RSA_PSS( alg ) == 0 &&
+ alg != PSA_ALG_RSA_PKCS1V15_CRYPT &&
+ PSA_ALG_IS_ECDH( alg ) == 0 )
+ return( 0 );
+
+ /* Filter out non allowed usage flags */
+ if( usage == 0 ||
+ ( usage & ~( PSA_KEY_USAGE_SIGN_HASH |
+ PSA_KEY_USAGE_DECRYPT |
+ PSA_KEY_USAGE_DERIVE ) ) != 0 )
+ return( 0 );
+
+ /* Wildcard hash is not allowed */
+ if( PSA_ALG_IS_SIGN_HASH( alg ) &&
+ PSA_ALG_SIGN_GET_HASH( alg ) == PSA_ALG_ANY_HASH )
+ return( 0 );
+
+ if( mbedtls_pk_get_type( ctx ) != MBEDTLS_PK_OPAQUE )
+ {
+ mbedtls_pk_type_t type;
+
+ if( PSA_ALG_IS_ECDSA( alg ) || PSA_ALG_IS_ECDH( alg ) )
+ type = MBEDTLS_PK_ECKEY;
+ else if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ||
+ alg == PSA_ALG_RSA_PKCS1V15_CRYPT )
+ type = MBEDTLS_PK_RSA;
+ else if( PSA_ALG_IS_RSA_PSS( alg ) )
+ type = MBEDTLS_PK_RSASSA_PSS;
+ else
+ return( 0 );
+
+ if( ctx->pk_info->can_do( type ) == 0 )
+ return( 0 );
+
+ switch( type )
+ {
+ case MBEDTLS_PK_ECKEY:
+ key_usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE;
+ break;
+ case MBEDTLS_PK_RSA:
+ case MBEDTLS_PK_RSASSA_PSS:
+ key_usage = PSA_KEY_USAGE_SIGN_HASH |
+ PSA_KEY_USAGE_SIGN_MESSAGE |
+ PSA_KEY_USAGE_DECRYPT;
+ break;
+ default:
+ /* Should never happen */
+ return( 0 );
+ }
+
+ return( ( key_usage & usage ) == usage );
+ }
+
+ const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx->pk_ctx;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_algorithm_t key_alg, key_alg2;
+ psa_status_t status;
+
+ status = psa_get_key_attributes( *key, &attributes );
+ if( status != PSA_SUCCESS )
+ return( 0 );
+
+ key_alg = psa_get_key_algorithm( &attributes );
+ key_alg2 = psa_get_key_enrollment_algorithm( &attributes );
+ key_usage = psa_get_key_usage_flags( &attributes );
+ psa_reset_key_attributes( &attributes );
+
+ if( ( key_usage & usage ) != usage )
+ return( 0 );
+
+ /*
+ * Common case: the key alg or alg2 only allows alg.
+ * This will match PSA_ALG_RSA_PKCS1V15_CRYPT & PSA_ALG_IS_ECDH
+ * directly.
+ * This would also match ECDSA/RSA_PKCS1V15_SIGN/RSA_PSS with
+ * a fixed hash on key_alg/key_alg2.
+ */
+ if( alg == key_alg || alg == key_alg2 )
+ return( 1 );
+
+ /*
+ * If key_alg or key_alg2 is a hash-and-sign with a wildcard for the hash,
+ * and alg is the same hash-and-sign family with any hash,
+ * then alg is compliant with this key alg
+ */
+ if( PSA_ALG_IS_SIGN_HASH( alg ) )
+ {
+
+ if( PSA_ALG_IS_SIGN_HASH( key_alg ) &&
+ PSA_ALG_SIGN_GET_HASH( key_alg ) == PSA_ALG_ANY_HASH &&
+ ( alg & ~PSA_ALG_HASH_MASK ) == ( key_alg & ~PSA_ALG_HASH_MASK ) )
+ return( 1 );
+
+ if( PSA_ALG_IS_SIGN_HASH( key_alg2 ) &&
+ PSA_ALG_SIGN_GET_HASH( key_alg2 ) == PSA_ALG_ANY_HASH &&
+ ( alg & ~PSA_ALG_HASH_MASK ) == ( key_alg2 & ~PSA_ALG_HASH_MASK ) )
+ return( 1 );
+ }
+
+ return( 0 );
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
/*
* Helper for mbedtls_pk_sign and mbedtls_pk_verify
*/
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 635981d..c3af7aa 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -5766,6 +5766,22 @@
if( status != PSA_SUCCESS )
goto exit;
+ /* PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() is in general an upper bound
+ * for the output size. The PSA specification only guarantees that this
+ * function works if output_size >= PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(...),
+ * but it might be nice to allow smaller buffers if the output fits.
+ * At the time of writing this comment, with only ECDH implemented,
+ * PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() is exact so the point is moot.
+ * If FFDH is implemented, PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() can easily
+ * be exact for it as well. */
+ size_t expected_length =
+ PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( slot->attr.type, slot->attr.bits );
+ if( output_size < expected_length )
+ {
+ status = PSA_ERROR_BUFFER_TOO_SMALL;
+ goto exit;
+ }
+
status = psa_key_agreement_raw_internal( alg, slot,
peer_key, peer_key_length,
output, output_size,
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index ee8a60e..7deb57a 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -1876,15 +1876,26 @@
size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen( const mbedtls_ssl_ciphersuite_t *info )
{
-#if defined(MBEDTLS_CIPHER_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_type_t key_type;
+ psa_algorithm_t alg;
+ size_t key_bits;
+
+ status = mbedtls_ssl_cipher_to_psa( info->cipher,
+ info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16,
+ &alg, &key_type, &key_bits );
+
+ if( status != PSA_SUCCESS )
+ return 0;
+
+ return key_bits;
+#else
const mbedtls_cipher_info_t * const cipher_info =
mbedtls_cipher_info_from_type( info->cipher );
return( mbedtls_cipher_info_get_key_bitlen( cipher_info ) );
-#else
- (void)info;
- return( 0 );
-#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
#if defined(MBEDTLS_PK_C)
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 6f9100b..9fcb2b2 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2137,7 +2137,7 @@
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
/* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL.
* Same value is used for PSA_ALG_CATEGORY_CIPHER, hence it is
* guaranteed to not be a valid PSA algorithm identifier.
@@ -2167,9 +2167,7 @@
psa_algorithm_t *alg,
psa_key_type_t *key_type,
size_t *key_size );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
/**
* \brief Convert given PSA status to mbedtls error code.
*
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8d6d379..5331865 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1838,7 +1838,7 @@
return( mbedtls_ssl_get_actual_mode( base_mode, encrypt_then_mac ) );
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type,
size_t taglen,
psa_algorithm_t *alg,
@@ -1983,7 +1983,7 @@
return PSA_SUCCESS;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 62e70ff..91cc4d9 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -993,8 +993,8 @@
{
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
int ret;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_cipher_info_t const *cipher_info;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
unsigned char const *key_enc;
unsigned char const *iv_enc;
@@ -1022,6 +1022,7 @@
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
if( cipher_info == NULL )
{
@@ -1030,7 +1031,6 @@
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
/*
* Setup cipher contexts in target transform
*/
@@ -1120,7 +1120,7 @@
/*
* Setup psa keys and alg
*/
- if( ( status = mbedtls_ssl_cipher_to_psa( cipher_info->type,
+ if( ( status = mbedtls_ssl_cipher_to_psa( ciphersuite_info->cipher,
transform->taglen,
&alg,
&key_type,
@@ -1188,6 +1188,34 @@
return( 0 );
}
+static int mbedtls_ssl_tls13_get_cipher_key_info(
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info,
+ size_t *key_len, size_t *iv_len )
+{
+ psa_key_type_t key_type;
+ psa_algorithm_t alg;
+ size_t taglen;
+ size_t key_bits;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ if( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG )
+ taglen = 8;
+ else
+ taglen = 16;
+
+ status = mbedtls_ssl_cipher_to_psa( ciphersuite_info->cipher, taglen,
+ &alg, &key_type, &key_bits );
+ if( status != PSA_SUCCESS )
+ return psa_ssl_status_to_mbedtls( status );
+
+ *key_len = PSA_BITS_TO_BYTES( key_bits );
+
+ /* TLS 1.3 only have AEAD ciphers, IV length is unconditionally 12 bytes */
+ *iv_len = 12;
+
+ return 0;
+}
+
/* mbedtls_ssl_tls13_generate_handshake_keys() generates keys necessary for
* protecting the handshake messages, as described in Section 7 of TLS 1.3. */
int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl,
@@ -1203,7 +1231,6 @@
unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE];
size_t transcript_len;
- mbedtls_cipher_info_t const *cipher_info;
size_t key_len, iv_len;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
@@ -1212,9 +1239,13 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_generate_handshake_keys" ) );
- cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
- key_len = cipher_info->key_bitlen >> 3;
- iv_len = cipher_info->iv_size;
+ ret = mbedtls_ssl_tls13_get_cipher_key_info( ciphersuite_info,
+ &key_len, &iv_len );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_get_cipher_key_info", ret );
+ return ret;
+ }
md_type = ciphersuite_info->mac;
@@ -1408,17 +1439,19 @@
size_t hash_len;
/* Variables relating to the cipher for the chosen ciphersuite. */
- mbedtls_cipher_info_t const *cipher_info;
size_t key_len, iv_len;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive application traffic keys" ) );
/* Extract basic information about hash and ciphersuite */
- cipher_info = mbedtls_cipher_info_from_type(
- handshake->ciphersuite_info->cipher );
- key_len = cipher_info->key_bitlen / 8;
- iv_len = cipher_info->iv_size;
+ ret = mbedtls_ssl_tls13_get_cipher_key_info( handshake->ciphersuite_info,
+ &key_len, &iv_len );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_get_cipher_key_info", ret );
+ goto cleanup;
+ }
md_type = handshake->ciphersuite_info->mac;
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 8b97ecf..8c8eb2a 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -412,7 +412,7 @@
*/
/*
- * Minimal length ( with everything empty and extensions ommitted ) is
+ * Minimal length ( with everything empty and extensions omitted ) is
* 2 + 32 + 1 + 2 + 1 = 38 bytes. Check that first, so that we can
* read at least up to session id length without worrying.
*/
diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h
index 48da1bf..03349ba 100644
--- a/programs/ssl/ssl_test_lib.h
+++ b/programs/ssl/ssl_test_lib.h
@@ -241,7 +241,7 @@
int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2 );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/** Parse given opaque key algoritms to obtain psa algs and usage
+/** Parse given opaque key algorithms to obtain psa algs and usage
* that will be passed to mbedtls_pk_wrap_as_opaque().
*
*
diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h
index ef32cdf..080b46e 100644
--- a/tests/include/test/helpers.h
+++ b/tests/include/test/helpers.h
@@ -155,6 +155,48 @@
unsigned long long value1, unsigned long long value2 );
/**
+ * \brief Record the current test case as a failure based
+ * on comparing two unsigned integers.
+ *
+ * This function is usually called via the macro
+ * #TEST_LE_U.
+ *
+ * \param test Description of the failure or assertion that failed. This
+ * MUST be a string literal. This normally has the form
+ * "EXPR1 <= EXPR2" where EXPR1 has the value \p value1
+ * and EXPR2 has the value \p value2.
+ * \param line_no Line number where the failure originated.
+ * \param filename Filename where the failure originated.
+ * \param value1 The first value to compare.
+ * \param value2 The second value to compare.
+ *
+ * \return \c 1 if \p value1 <= \p value2, otherwise \c 0.
+ */
+int mbedtls_test_le_u( const char *test, int line_no, const char* filename,
+ unsigned long long value1, unsigned long long value2 );
+
+/**
+ * \brief Record the current test case as a failure based
+ * on comparing two signed integers.
+ *
+ * This function is usually called via the macro
+ * #TEST_LE_S.
+ *
+ * \param test Description of the failure or assertion that failed. This
+ * MUST be a string literal. This normally has the form
+ * "EXPR1 <= EXPR2" where EXPR1 has the value \p value1
+ * and EXPR2 has the value \p value2.
+ * \param line_no Line number where the failure originated.
+ * \param filename Filename where the failure originated.
+ * \param value1 The first value to compare.
+ * \param value2 The second value to compare.
+ *
+ * \return \c 1 if \p value1 <= \p value2, otherwise \c 0.
+ */
+int mbedtls_test_le_s( const char *test, int line_no, const char* filename,
+ long long value1, long long value2 );
+
+/**
* \brief This function decodes the hexadecimal representation of
* data.
*
diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h
index a88b2e8..8535b93 100644
--- a/tests/include/test/macros.h
+++ b/tests/include/test/macros.h
@@ -89,6 +89,32 @@
goto exit; \
} while( 0 )
+/** Evaluate two unsigned integer expressions and fail the test case
+ * if they are not in increasing order (left <= right).
+ *
+ * \param expr1 An integral-typed expression to evaluate.
+ * \param expr2 Another integral-typed expression to evaluate.
+ */
+#define TEST_LE_U( expr1, expr2 ) \
+ do { \
+ if( ! mbedtls_test_le_u( #expr1 " <= " #expr2, __LINE__, __FILE__, \
+ expr1, expr2 ) ) \
+ goto exit; \
+ } while( 0 )
+
+/** Evaluate two signed integer expressions and fail the test case
+ * if they are not in increasing order (left <= right).
+ *
+ * \param expr1 An integral-typed expression to evaluate.
+ * \param expr2 Another integral-typed expression to evaluate.
+ */
+#define TEST_LE_S( expr1, expr2 ) \
+ do { \
+ if( ! mbedtls_test_le_s( #expr1 " <= " #expr2, __LINE__, __FILE__, \
+ expr1, expr2 ) ) \
+ goto exit; \
+ } while( 0 )
+
/** Allocate memory dynamically and fail the test case if this fails.
* The allocated memory will be filled with zeros.
*
diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py
index 55529c8..7d06db1 100755
--- a/tests/scripts/test_psa_compliance.py
+++ b/tests/scripts/test_psa_compliance.py
@@ -47,7 +47,7 @@
#
# Web URL: https://github.com/bensze01/psa-arch-tests/tree/fixes-for-mbedtls-3
PSA_ARCH_TESTS_REPO = 'https://github.com/bensze01/psa-arch-tests.git'
-PSA_ARCH_TESTS_REF = 'fix-pr-5139-3'
+PSA_ARCH_TESTS_REF = 'fix-pr-5736'
#pylint: disable=too-many-branches,too-many-statements
def main():
diff --git a/tests/src/helpers.c b/tests/src/helpers.c
index ec4d84e..8f4d7f2 100644
--- a/tests/src/helpers.c
+++ b/tests/src/helpers.c
@@ -122,6 +122,52 @@
return( 0 );
}
+int mbedtls_test_le_u( const char *test, int line_no, const char* filename,
+ unsigned long long value1, unsigned long long value2 )
+{
+ if( value1 <= value2 )
+ return( 1 );
+ if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED )
+ {
+ /* We've already recorded the test as having failed. Don't
+ * overwrite any previous information about the failure. */
+ return( 0 );
+ }
+ mbedtls_test_fail( test, line_no, filename );
+ (void) mbedtls_snprintf( mbedtls_test_info.line1,
+ sizeof( mbedtls_test_info.line1 ),
+ "lhs = 0x%016llx = %llu",
+ value1, value1 );
+ (void) mbedtls_snprintf( mbedtls_test_info.line2,
+ sizeof( mbedtls_test_info.line2 ),
+ "rhs = 0x%016llx = %llu",
+ value2, value2 );
+ return( 0 );
+}
+
+int mbedtls_test_le_s( const char *test, int line_no, const char* filename,
+ long long value1, long long value2 )
+{
+ if( value1 <= value2 )
+ return( 1 );
+ if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED )
+ {
+ /* We've already recorded the test as having failed. Don't
+ * overwrite any previous information about the failure. */
+ return( 0 );
+ }
+ mbedtls_test_fail( test, line_no, filename );
+ (void) mbedtls_snprintf( mbedtls_test_info.line1,
+ sizeof( mbedtls_test_info.line1 ),
+ "lhs = 0x%016llx = %lld",
+ (unsigned long long) value1, value1 );
+ (void) mbedtls_snprintf( mbedtls_test_info.line2,
+ sizeof( mbedtls_test_info.line2 ),
+ "rhs = 0x%016llx = %lld",
+ (unsigned long long) value2, value2 );
+ return( 0 );
+}
+
int mbedtls_test_unhexify( unsigned char *obuf,
size_t obufmax,
const char *ibuf,
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index e2289e7..6eaa534 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1743,6 +1743,36 @@
-S "error" \
-C "error"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_RSA_C
+run_test "RSA opaque key on server configured for decryption" \
+ "$P_SRV debug_level=1 key_opaque=1 key_opaque_algs=rsa-decrypt,none" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
+ 0 \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "Ciphersuite is TLS-RSA-" \
+ -s "key types: Opaque, Opaque" \
+ -s "Ciphersuite is TLS-RSA-" \
+ -S "error" \
+ -C "error"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_RSA_C
+run_test "RSA-PSK opaque key on server configured for decryption" \
+ "$P_SRV debug_level=1 key_opaque=1 key_opaque_algs=rsa-decrypt,none \
+ psk=abc123 psk_identity=foo" \
+ "$P_CLI force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
+ psk=abc123 psk_identity=foo" \
+ 0 \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "Ciphersuite is TLS-RSA-PSK-" \
+ -s "key types: Opaque, Opaque" \
+ -s "Ciphersuite is TLS-RSA-PSK-" \
+ -S "error" \
+ -C "error"
+
# Test using an EC opaque private key for server authentication
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index f17711d..6fd595c 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -49,6 +49,266 @@
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_psa_utils:1
+PK can do ext: ECDSA(ANY)/NONE, invalid check STREAM_CIPHER
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:256:PSA_ALG_STREAM_CIPHER:PSA_KEY_USAGE_SIGN_HASH:0
+
+PK can do ext: ECDSA(ANY)/NONE, invalid check RSA_PKCS1V15_SIGN(SHA256)
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:256:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0
+
+PK can do ext: ECDSA(ANY)/NONE, invalid check RSA_PKCS1V15_CRYPT
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:256:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_SIGN_HASH:0
+
+PK can do ext: ECDSA(ANY)/NONE, invalid check RSA_PSS(SHA256)
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:256:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0
+
+PK can do ext: ECDSA(ANY)/NONE, invalid check ECDH
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:256:PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:0
+
+PK can do ext: ECDSA(ANY)/NONE, check ECDSA(SHA256)
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
+
+PK can do ext: ECDSA(SHA256)/NONE, check ECDSA(SHA256)
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
+
+PK can do ext: NONE/ECDSA(ANY_HASH), check ECDSA(SHA256)
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
+
+PK can do ext: NONE/ECDSA(SHA256), check ECDSA(SHA256)
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
+
+PK can do ext: ECDSA(SHA256)/NONE, invalid check ECDSA(ANY)
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:256:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_USAGE_SIGN_HASH:0
+
+PK can do ext: ECDSA(SHA1)/NONE, invalid check ECDSA(SHA256)
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_SHA_1):PSA_ALG_NONE:256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0
+
+PK can do ext: ECDH/NONE, invalid check STREAM_CIPHER
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_NONE:256:PSA_ALG_STREAM_CIPHER:PSA_KEY_USAGE_DERIVE:0
+
+PK can do ext: ECDH/NONE, invalid check RSA_PKCS1V15_SIGN(SHA256)
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_NONE:256:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE:0
+
+PK can do ext: ECDH/NONE, invalid check RSA_PKCS1V15_CRYPT
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_NONE:256:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DERIVE:0
+
+PK can do ext: ECDH/NONE, invalid check RSA_PSS(SHA256)
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_NONE:256:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE:0
+
+PK can do ext: ECDH/NONE, invalid check ECDSA(SHA256)
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_NONE:256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE:0
+
+PK can do ext: ECDH/NONE, check ECDH
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_NONE:256:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:1
+
+PK can do ext: ECDH/ECDSA(ANY), check ECDH+SIGN
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:1
+
+PK can do ext: ECDH/ECDSA(ANY), check ECDH+DERIVE
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:1
+
+PK can do ext: ECDH/ECDSA(ANY), check ECDH+DERIVE|SIGN
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:1
+
+PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+DERIVE|SIGN
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:1
+
+PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+SIGN
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
+
+PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+DERIVE
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE:1
+
+PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, check not allowed COPY usage
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_COPY:0
+
+PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, invalid check STREAM_CIPHER
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_STREAM_CIPHER:PSA_KEY_USAGE_SIGN_HASH:0
+
+PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, invalid check ECDSA(SHA256)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0
+
+PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, invalid check ECDH
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:0
+
+PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, invalid check RSA_PKCS1V15_CRYPT
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_SIGN_HASH:0
+
+PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, invalid check RSA_PSS(SHA256)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0
+
+PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, check RSA_PKCS1V15_SIGN(SHA256)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
+
+PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, check non-present usage
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE:0
+
+PK can do ext: RSA_PKCS1V15_SIGN(SHA256)/NONE, check RSA_PKCS1V15_SIGN(SHA256)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
+
+PK can do ext: NONE, RSA_PKCS1V15_SIGN(ANY), check RSA_PKCS1V15_SIGN(SHA256)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
+
+PK can do ext: NONE, RSA_PKCS1V15_SIGN(SHA256), check RSA_PKCS1V15_SIGN(SHA256)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
+
+PK can do ext: RSA_PKCS1V15_SIGN(SHA256)/NONE, invalid check RSA_PKCS1V15_SIGN(ANY)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_USAGE_SIGN_HASH:0
+
+PK can do ext: RSA_PKCS1V15_SIGN(SHA1)/NONE, invalid check RSA_PKCS1V15_SIGN(SHA256)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_1):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0
+
+PK can do ext: RSA_PSS(ANY)/NONE, invalid check STREAM_CIPHER
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_STREAM_CIPHER:PSA_KEY_USAGE_SIGN_HASH:0
+
+PK can do ext: RSA_PSS(ANY)/NONE, invalid check ECDSA(SHA256)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0
+
+PK can do ext: RSA_PSS(ANY)/NONE, invalid check RSA_PKCS1V15_CRYPT
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_SIGN_HASH:0
+
+PK can do ext: RSA_PSS(ANY)/NONE, invalid check RSA_PKCS1V15_SIGN(SHA256)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0
+
+PK can do ext: RSA_PSS(ANY)/NONE, check RSA_PSS(SHA256)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
+
+PK can do ext: RSA_PSS(SHA256)/NONE, check RSA_PSS(SHA256)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ALG_NONE:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
+
+PK can do ext: NONE, RSA_PSS(ANY), check RSA_PSS(SHA256)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
+
+PK can do ext: NONE, RSA_PSS(SHA256), check RSA_PSS(SHA256)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
+
+PK can do ext: RSA_PSS(SHA256)/NONE, invalid check RSA_PSS(ANY)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ALG_NONE:1024:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_KEY_USAGE_SIGN_HASH:0
+
+PK can do ext: RSA_PSS(SHA1)/NONE, invalid check RSA_PSS(SHA256)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_1):PSA_ALG_NONE:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0
+
+PK can do ext: RSA_PKCS1V15_SIGN_RAW/NONE, check RSA_PKCS1V15_SIGN_RAW
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:1
+
+PK can do ext: RSA_PKCS1V15_SIGN_RAW/NONE, invalid check RSA_PKCS1V15_SIGN(SHA256)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0
+
+PK can do ext: RSA_PKCS1V15_CRYPT/NONE, invalid check STREAM_CIPHER
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:1024:PSA_ALG_STREAM_CIPHER:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:0
+
+PK can do ext: RSA_PKCS1V15_CRYPT/NONE, invalid check ECDSA(SHA256)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:1024:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:0
+
+PK can do ext: RSA_PKCS1V15_CRYPT/NONE, invalid check ECDH
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:1024:PSA_ALG_ECDH:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:0
+
+PK can do ext: RSA_PKCS1V15_CRYPT/NONE, invalid check RSA_PSS(SHA256)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:0
+
+PK can do ext: RSA_PKCS1V15_CRYPT/NONE, invalid check RSA_PKCS1V15_SIGN(SHA256)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:0
+
+PK can do ext: RSA_PKCS1V15_CRYPT/NONE, check RSA_PKCS1V15_CRYPT
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:1
+
+PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check RSA_PKCS1V15_CRYPT
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:1
+
+PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check RSA_PSS(SHA256)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_DECRYPT:1
+
+PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check non allowed ENCRYPT usage
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_ENCRYPT:0
+
+PK can do ext: RSA_PKCS1V15_SIGN(ANY)/RSA_PSS(ANY), check RSA_PSS(SHA256)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
+
+PK can do ext: RSA_PKCS1V15_SIGN(ANY)/RSA_PSS(ANY), check RSA_PKCS1V15_SIGN(SHA256)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
+
+PK can do ext: MBEDTLS_PK_ECKEY, check ECDSA(SHA256)
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
+
+PK can do ext: MBEDTLS_PK_ECKEY, check ECDH
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:1
+
+PK can do ext: MBEDTLS_PK_RSA, check RSA_PKCS1V15_SIGN(SHA256)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:0:MBEDTLS_PK_RSA:0:0:0:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
+
+PK can do ext: MBEDTLS_PK_RSA, check PSA_ALG_RSA_PKCS1V15_CRYPT
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:0:MBEDTLS_PK_RSA:0:0:0:1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:1
+
+PK can do ext: MBEDTLS_PK_RSA, check invalid PSA_KEY_USAGE_ENCRYPT
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:0:MBEDTLS_PK_RSA:0:0:0:1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_ENCRYPT:0
+
+PK can do ext: MBEDTLS_PK_RSA, check RSA_PSS(SHA256)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_can_do_ext:0:MBEDTLS_PK_RSA:0:0:0:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
+
RSA verify test vector #1 (good)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15
pk_rsa_verify_test_vec:"206ef4bf396c6087f8229ef196fd35f37ccb8de5efcdb238f20d556668f114257a11fbe038464a67830378e62ae9791453953dac1dbd7921837ba98e84e856eb80ed9487e656d0b20c28c8ba5e35db1abbed83ed1c7720a97701f709e3547a4bfcabca9c89c57ad15c3996577a0ae36d7c7b699035242f37954646c1cd5c08ac":MBEDTLS_MD_SHA1:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":0
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 7587d6c..34ebdcc 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -247,6 +247,54 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */
+void pk_can_do_ext( int opaque_key, int key_type, int key_usage, int key_alg,
+ int key_alg2, int parameter, int alg_check, int usage_check,
+ int result )
+{
+ mbedtls_pk_context pk;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ mbedtls_pk_init( &pk );
+
+ if( opaque_key == 1 )
+ {
+ psa_set_key_usage_flags( &attributes, key_usage );
+ psa_set_key_algorithm( &attributes, key_alg );
+ if( key_alg2 != 0 )
+ psa_set_key_enrollment_algorithm( &attributes, key_alg2 );
+ psa_set_key_type( &attributes, key_type );
+ psa_set_key_bits( &attributes, parameter );
+
+ PSA_ASSERT( psa_generate_key( &attributes, &key ) );
+
+ if( mbedtls_svc_key_id_is_null( key ) )
+ goto exit;
+
+ TEST_EQUAL( mbedtls_pk_setup_opaque( &pk, key ), 0 );
+
+ TEST_EQUAL( mbedtls_pk_get_type( &pk ), MBEDTLS_PK_OPAQUE );
+ }
+ else
+ {
+ TEST_EQUAL( mbedtls_pk_setup( &pk,
+ mbedtls_pk_info_from_type( key_type ) ), 0 );
+ TEST_EQUAL( pk_genkey( &pk, parameter ), 0 );
+ TEST_EQUAL( mbedtls_pk_get_type( &pk ), key_type );
+ }
+
+ TEST_EQUAL( mbedtls_pk_can_do_ext( &pk, alg_check, usage_check ), result );
+
+exit:
+ psa_reset_key_attributes( &attributes );
+ PSA_ASSERT( psa_destroy_key( key ) );
+ mbedtls_pk_free( &pk );
+ USE_PSA_DONE( );
+}
+/* END_CASE */
/* BEGIN_CASE */
void valid_parameters( )
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 8dd8e39..0bfabb1 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -396,12 +396,12 @@
if( is_encrypt )
{
final_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg );
- TEST_ASSERT( final_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE );
+ TEST_LE_U( final_output_size, PSA_AEAD_FINISH_OUTPUT_MAX_SIZE );
}
else
{
final_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( key_type, alg );
- TEST_ASSERT( final_output_size <= PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE );
+ TEST_LE_U( final_output_size, PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE );
}
ASSERT_ALLOC( final_data, final_output_size );
@@ -557,18 +557,18 @@
output_length += tag_length;
TEST_EQUAL( output_length,
- PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg,
- input_data->len ) );
- TEST_ASSERT( output_length <=
- PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
+ PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg,
+ input_data->len ) );
+ TEST_LE_U( output_length,
+ PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
}
else
{
TEST_EQUAL( output_length,
PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg,
input_data->len ) );
- TEST_ASSERT( output_length <=
- PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
+ TEST_LE_U( output_length,
+ PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
}
@@ -721,7 +721,7 @@
/* Check that the length for a truncated MAC always fits in the algorithm
* encoding. The shifted mask is the maximum truncated value. The
* untruncated algorithm may be one byte larger. */
- TEST_ASSERT( PSA_MAC_MAX_SIZE <= 1 + max_truncated_mac_size );
+ TEST_LE_U( PSA_MAC_MAX_SIZE, 1 + max_truncated_mac_size );
}
/* END_CASE */
@@ -965,7 +965,7 @@
* and export_size. On errors, the exported length must be 0. */
TEST_ASSERT( exported_length != INVALID_EXPORT_LENGTH );
TEST_ASSERT( status == PSA_SUCCESS || exported_length == 0 );
- TEST_ASSERT( exported_length <= export_size );
+ TEST_LE_U( exported_length, export_size );
TEST_ASSERT( mem_is_char( exported + exported_length, 0,
export_size - exported_length ) );
@@ -1000,10 +1000,10 @@
reexported, reexported_length );
PSA_ASSERT( psa_destroy_key( key2 ) );
}
- TEST_ASSERT( exported_length <=
+ TEST_LE_U( exported_length,
PSA_EXPORT_KEY_OUTPUT_SIZE( type,
psa_get_key_bits( &got_attributes ) ) );
- TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE );
+ TEST_LE_U( exported_length, PSA_EXPORT_KEY_PAIR_MAX_SIZE );
destroy:
/* Destroy the key */
@@ -1065,12 +1065,12 @@
size_t bits;
PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
bits = psa_get_key_bits( &attributes );
- TEST_ASSERT( expected_public_key->len <=
- PSA_EXPORT_KEY_OUTPUT_SIZE( public_type, bits ) );
- TEST_ASSERT( expected_public_key->len <=
- PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_type, bits ) );
- TEST_ASSERT( expected_public_key->len <=
- PSA_EXPORT_PUBLIC_KEY_MAX_SIZE );
+ TEST_LE_U( expected_public_key->len,
+ PSA_EXPORT_KEY_OUTPUT_SIZE( public_type, bits ) );
+ TEST_LE_U( expected_public_key->len,
+ PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_type, bits ) );
+ TEST_LE_U( expected_public_key->len,
+ PSA_EXPORT_PUBLIC_KEY_MAX_SIZE );
ASSERT_COMPARE( expected_public_key->x, expected_public_key->len,
exported, exported_length );
}
@@ -1441,8 +1441,8 @@
size_t tag_length = tag_length_arg;
size_t output_length;
- TEST_ASSERT( nonce_length <= sizeof( nonce ) );
- TEST_ASSERT( tag_length <= sizeof( tag ) );
+ TEST_LE_U( nonce_length, sizeof( nonce ) );
+ TEST_LE_U( tag_length, sizeof( tag ) );
PSA_ASSERT( psa_crypto_init( ) );
@@ -2077,7 +2077,7 @@
status = psa_hash_compute( alg, input->x, input->len,
output, output_size, &output_length );
TEST_EQUAL( status, expected_status );
- TEST_ASSERT( output_length <= output_size );
+ TEST_LE_U( output_length, output_size );
/* Hash Compute, multi-part */
status = psa_hash_setup( &operation, alg );
@@ -2089,7 +2089,7 @@
status = psa_hash_finish( &operation, output, output_size,
&output_length );
if( status == PSA_SUCCESS )
- TEST_ASSERT( output_length <= output_size );
+ TEST_LE_U( output_length, output_size );
else
TEST_EQUAL( status, expected_status );
}
@@ -2769,7 +2769,7 @@
expected_mac->len + 1,
};
- TEST_ASSERT( mac_buffer_size <= PSA_MAC_MAX_SIZE );
+ TEST_LE_U( mac_buffer_size, PSA_MAC_MAX_SIZE );
/* We expect PSA_MAC_LENGTH to be exact. */
TEST_ASSERT( expected_mac->len == mac_buffer_size );
@@ -2847,7 +2847,7 @@
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t *perturbed_mac = NULL;
- TEST_ASSERT( expected_mac->len <= PSA_MAC_MAX_SIZE );
+ TEST_LE_U( expected_mac->len, PSA_MAC_MAX_SIZE );
PSA_ASSERT( psa_crypto_init( ) );
@@ -3320,14 +3320,14 @@
PSA_ASSERT( psa_crypto_init( ) );
/* Validate size macros */
- TEST_ASSERT( ciphertext->len <=
- PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, plaintext->len ) );
- TEST_ASSERT( PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, plaintext->len ) <=
+ TEST_LE_U( ciphertext->len,
+ PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, plaintext->len ) );
+ TEST_LE_U( PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, plaintext->len ),
PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( plaintext->len ) );
- TEST_ASSERT( plaintext->len <=
- PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, ciphertext->len ) );
- TEST_ASSERT( PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, ciphertext->len ) <=
- PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( ciphertext->len ) );
+ TEST_LE_U( plaintext->len,
+ PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, ciphertext->len ) );
+ TEST_LE_U( PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, ciphertext->len ),
+ PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( ciphertext->len ) );
/* Set up key and output buffer */
@@ -3367,7 +3367,7 @@
plaintext->x, plaintext->len,
output, output_buffer_size,
&length ) );
- TEST_ASSERT( length <= output_buffer_size );
+ TEST_LE_U( length, output_buffer_size );
output_length += length;
PSA_ASSERT( psa_cipher_finish( &operation,
output + output_length,
@@ -3385,7 +3385,7 @@
ciphertext->x, ciphertext->len,
output, output_buffer_size,
&length ) );
- TEST_ASSERT( length <= output_buffer_size );
+ TEST_LE_U( length, output_buffer_size );
output_length += length;
PSA_ASSERT( psa_cipher_finish( &operation,
output + output_length,
@@ -3499,10 +3499,10 @@
the output is not possible. Validating with multipart encryption. */
PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, output1,
output1_buffer_size, &output1_length ) );
- TEST_ASSERT( output1_length <=
- PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) );
- TEST_ASSERT( output1_length <=
- PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
+ TEST_LE_U( output1_length,
+ PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) );
+ TEST_LE_U( output1_length,
+ PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
PSA_ASSERT( psa_cipher_set_iv( &operation, output1, iv_size ) );
@@ -3511,20 +3511,20 @@
input->x, input->len,
output2, output2_buffer_size,
&function_output_length ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
output2_length += function_output_length;
PSA_ASSERT( psa_cipher_finish( &operation,
output2 + output2_length,
output2_buffer_size - output2_length,
&function_output_length ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
output2_length += function_output_length;
PSA_ASSERT( psa_cipher_abort( &operation ) );
@@ -3584,15 +3584,15 @@
PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg );
ASSERT_ALLOC( output, output_buffer_size );
- TEST_ASSERT( first_part_size <= input->len );
+ TEST_LE_U( first_part_size, input->len );
PSA_ASSERT( psa_cipher_update( &operation, input->x, first_part_size,
output, output_buffer_size,
&function_output_length ) );
TEST_ASSERT( function_output_length == output1_length );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size) );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size) );
total_output_length += function_output_length;
if( first_part_size < input->len )
@@ -3605,12 +3605,12 @@
output_buffer_size - total_output_length,
&function_output_length ) );
TEST_ASSERT( function_output_length == output2_length );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
- alg,
- input->len - first_part_size ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
+ alg,
+ input->len - first_part_size ) );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
total_output_length += function_output_length;
}
@@ -3619,10 +3619,10 @@
output + total_output_length ),
output_buffer_size - total_output_length,
&function_output_length );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
total_output_length += function_output_length;
TEST_EQUAL( status, expected_status );
@@ -3686,16 +3686,16 @@
PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg );
ASSERT_ALLOC( output, output_buffer_size );
- TEST_ASSERT( first_part_size <= input->len );
+ TEST_LE_U( first_part_size, input->len );
PSA_ASSERT( psa_cipher_update( &operation,
input->x, first_part_size,
output, output_buffer_size,
&function_output_length ) );
TEST_ASSERT( function_output_length == output1_length );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) );
total_output_length += function_output_length;
if( first_part_size < input->len )
@@ -3708,12 +3708,12 @@
output_buffer_size - total_output_length,
&function_output_length ) );
TEST_ASSERT( function_output_length == output2_length );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
- alg,
- input->len - first_part_size ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
+ alg,
+ input->len - first_part_size ) );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
total_output_length += function_output_length;
}
@@ -3722,10 +3722,10 @@
output + total_output_length ),
output_buffer_size - total_output_length,
&function_output_length );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
total_output_length += function_output_length;
TEST_EQUAL( status, expected_status );
@@ -3897,10 +3897,10 @@
PSA_ASSERT( psa_cipher_decrypt( key, alg, input, input_buffer_size, output,
output_buffer_size, &output_length ) );
- TEST_ASSERT( output_length <=
- PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input_buffer_size ) );
- TEST_ASSERT( output_length <=
- PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( input_buffer_size ) );
+ TEST_LE_U( output_length,
+ PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input_buffer_size ) );
+ TEST_LE_U( output_length,
+ PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( input_buffer_size ) );
ASSERT_COMPARE( expected_output->x, expected_output->len,
output, output_length );
@@ -3943,10 +3943,10 @@
PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len,
output1, output1_size,
&output1_length ) );
- TEST_ASSERT( output1_length <=
- PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) );
- TEST_ASSERT( output1_length <=
- PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
+ TEST_LE_U( output1_length,
+ PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) );
+ TEST_LE_U( output1_length,
+ PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
output2_size = output1_length;
ASSERT_ALLOC( output2, output2_size );
@@ -3954,10 +3954,10 @@
PSA_ASSERT( psa_cipher_decrypt( key, alg, output1, output1_length,
output2, output2_size,
&output2_length ) );
- TEST_ASSERT( output2_length <=
- PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, output1_length ) );
- TEST_ASSERT( output2_length <=
- PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( output1_length ) );
+ TEST_LE_U( output2_length,
+ PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, output1_length ) );
+ TEST_LE_U( output2_length,
+ PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( output1_length ) );
ASSERT_COMPARE( input->x, input->len, output2, output2_length );
@@ -4014,19 +4014,19 @@
}
output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
- TEST_ASSERT( output1_buffer_size <=
- PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
+ TEST_LE_U( output1_buffer_size,
+ PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
ASSERT_ALLOC( output1, output1_buffer_size );
- TEST_ASSERT( first_part_size <= input->len );
+ TEST_LE_U( first_part_size, input->len );
PSA_ASSERT( psa_cipher_update( &operation1, input->x, first_part_size,
output1, output1_buffer_size,
&function_output_length ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) );
output1_length += function_output_length;
PSA_ASSERT( psa_cipher_update( &operation1,
@@ -4034,31 +4034,31 @@
input->len - first_part_size,
output1, output1_buffer_size,
&function_output_length ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
- alg,
- input->len - first_part_size ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len - first_part_size ) );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
+ alg,
+ input->len - first_part_size ) );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len - first_part_size ) );
output1_length += function_output_length;
PSA_ASSERT( psa_cipher_finish( &operation1,
output1 + output1_length,
output1_buffer_size - output1_length,
&function_output_length ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
output1_length += function_output_length;
PSA_ASSERT( psa_cipher_abort( &operation1 ) );
output2_buffer_size = output1_length;
- TEST_ASSERT( output2_buffer_size <=
- PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, output1_length ) );
- TEST_ASSERT( output2_buffer_size <=
- PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( output1_length ) );
+ TEST_LE_U( output2_buffer_size,
+ PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, output1_length ) );
+ TEST_LE_U( output2_buffer_size,
+ PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( output1_length ) );
ASSERT_ALLOC( output2, output2_buffer_size );
if( iv_length > 0 )
@@ -4070,10 +4070,10 @@
PSA_ASSERT( psa_cipher_update( &operation2, output1, first_part_size,
output2, output2_buffer_size,
&function_output_length ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) );
output2_length += function_output_length;
PSA_ASSERT( psa_cipher_update( &operation2,
@@ -4081,22 +4081,22 @@
output1_length - first_part_size,
output2, output2_buffer_size,
&function_output_length ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
- alg,
- output1_length - first_part_size ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( output1_length - first_part_size ) );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
+ alg,
+ output1_length - first_part_size ) );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( output1_length - first_part_size ) );
output2_length += function_output_length;
PSA_ASSERT( psa_cipher_finish( &operation2,
output2 + output2_length,
output2_buffer_size - output2_length,
&function_output_length ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
+ TEST_LE_U( function_output_length,
+ PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
output2_length += function_output_length;
PSA_ASSERT( psa_cipher_abort( &operation2 ) );
@@ -4154,8 +4154,8 @@
{
TEST_EQUAL( output_size,
PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) );
- TEST_ASSERT( output_size <=
- PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
+ TEST_LE_U( output_size,
+ PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
}
ASSERT_ALLOC( output_data, output_size );
@@ -4187,8 +4187,8 @@
TEST_EQUAL( input_data->len,
PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, output_length ) );
- TEST_ASSERT( input_data->len <=
- PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length ) );
+ TEST_LE_U( input_data->len,
+ PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length ) );
TEST_EQUAL( psa_aead_decrypt( key, alg,
nonce->x, nonce->len,
@@ -4246,8 +4246,8 @@
* should be exact. */
TEST_EQUAL( output_size,
PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) );
- TEST_ASSERT( output_size <=
- PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
+ TEST_LE_U( output_size,
+ PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
ASSERT_ALLOC( output_data, output_size );
status = psa_aead_encrypt( key, alg,
@@ -4317,8 +4317,8 @@
* should be exact. */
TEST_EQUAL( output_size,
PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) );
- TEST_ASSERT( output_size <=
- PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
+ TEST_LE_U( output_size,
+ PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
}
ASSERT_ALLOC( output_data, output_size );
@@ -4579,7 +4579,7 @@
ciphertext_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg );
- TEST_ASSERT( ciphertext_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE );
+ TEST_LE_U( ciphertext_size, PSA_AEAD_FINISH_OUTPUT_MAX_SIZE );
ASSERT_ALLOC( ciphertext, ciphertext_size );
@@ -4608,7 +4608,7 @@
TEST_EQUAL( actual_nonce_length, PSA_AEAD_NONCE_LENGTH( key_type,
alg ) );
- TEST_ASSERT( actual_nonce_length <= PSA_AEAD_NONCE_MAX_SIZE );
+ TEST_LE_U( actual_nonce_length, PSA_AEAD_NONCE_MAX_SIZE );
if( expected_status == PSA_SUCCESS )
{
@@ -4683,7 +4683,7 @@
ciphertext_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg );
- TEST_ASSERT( ciphertext_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE );
+ TEST_LE_U( ciphertext_size, PSA_AEAD_FINISH_OUTPUT_MAX_SIZE );
ASSERT_ALLOC( ciphertext, ciphertext_size );
@@ -5121,7 +5121,7 @@
tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg );
- TEST_ASSERT( tag_length <= PSA_AEAD_TAG_MAX_SIZE );
+ TEST_LE_U( tag_length, PSA_AEAD_TAG_MAX_SIZE );
output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len );
@@ -5129,7 +5129,7 @@
finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg );
- TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE );
+ TEST_LE_U( finish_output_size, PSA_AEAD_FINISH_OUTPUT_MAX_SIZE );
ASSERT_ALLOC( final_data, finish_output_size );
@@ -5969,7 +5969,7 @@
signature_size = PSA_SIGN_OUTPUT_SIZE( key_type,
key_bits, alg );
TEST_ASSERT( signature_size != 0 );
- TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE );
+ TEST_LE_U( signature_size, PSA_SIGNATURE_MAX_SIZE );
ASSERT_ALLOC( signature, signature_size );
/* Perform the signature. */
@@ -6029,7 +6029,7 @@
* whatever it is, it should be less than signature_size, so that
* if the caller tries to read *signature_length bytes without
* checking the error code then they don't overflow a buffer. */
- TEST_ASSERT( signature_length <= signature_size );
+ TEST_LE_U( signature_length, signature_size );
exit:
psa_reset_key_attributes( &attributes );
@@ -6068,7 +6068,7 @@
signature_size = PSA_SIGN_OUTPUT_SIZE( key_type,
key_bits, alg );
TEST_ASSERT( signature_size != 0 );
- TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE );
+ TEST_LE_U( signature_size, PSA_SIGNATURE_MAX_SIZE );
ASSERT_ALLOC( signature, signature_size );
/* Perform the signature. */
@@ -6077,7 +6077,7 @@
signature, signature_size,
&signature_length ) );
/* Check that the signature length looks sensible. */
- TEST_ASSERT( signature_length <= signature_size );
+ TEST_LE_U( signature_length, signature_size );
TEST_ASSERT( signature_length > 0 );
/* Use the library to verify that the signature is correct. */
@@ -6120,7 +6120,7 @@
psa_algorithm_t alg = alg_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- TEST_ASSERT( signature_data->len <= PSA_SIGNATURE_MAX_SIZE );
+ TEST_LE_U( signature_data->len, PSA_SIGNATURE_MAX_SIZE );
PSA_ASSERT( psa_crypto_init( ) );
@@ -6205,7 +6205,7 @@
signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg );
TEST_ASSERT( signature_size != 0 );
- TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE );
+ TEST_LE_U( signature_size, PSA_SIGNATURE_MAX_SIZE );
ASSERT_ALLOC( signature, signature_size );
PSA_ASSERT( psa_sign_message( key, alg,
@@ -6264,7 +6264,7 @@
* whatever it is, it should be less than signature_size, so that
* if the caller tries to read *signature_length bytes without
* checking the error code then they don't overflow a buffer. */
- TEST_ASSERT( signature_length <= signature_size );
+ TEST_LE_U( signature_length, signature_size );
exit:
psa_reset_key_attributes( &attributes );
@@ -6303,14 +6303,14 @@
signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg );
TEST_ASSERT( signature_size != 0 );
- TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE );
+ TEST_LE_U( signature_size, PSA_SIGNATURE_MAX_SIZE );
ASSERT_ALLOC( signature, signature_size );
PSA_ASSERT( psa_sign_message( key, alg,
input_data->x, input_data->len,
signature, signature_size,
&signature_length ) );
- TEST_ASSERT( signature_length <= signature_size );
+ TEST_LE_U( signature_length, signature_size );
TEST_ASSERT( signature_length > 0 );
PSA_ASSERT( psa_verify_message( key, alg,
@@ -6350,7 +6350,7 @@
psa_algorithm_t alg = alg_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- TEST_ASSERT( signature_data->len <= PSA_SIGNATURE_MAX_SIZE );
+ TEST_LE_U( signature_data->len, PSA_SIGNATURE_MAX_SIZE );
PSA_ASSERT( psa_crypto_init( ) );
@@ -6444,7 +6444,7 @@
key_bits = psa_get_key_bits( &attributes );
output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
- TEST_ASSERT( output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE );
+ TEST_LE_U( output_size, PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE );
ASSERT_ALLOC( output, output_size );
/* Encrypt the input */
@@ -6518,13 +6518,13 @@
key_bits = psa_get_key_bits( &attributes );
output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
- TEST_ASSERT( output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE );
+ TEST_LE_U( output_size, PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE );
ASSERT_ALLOC( output, output_size );
output2_size = input_data->len;
- TEST_ASSERT( output2_size <=
- PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE( key_type, key_bits, alg ) );
- TEST_ASSERT( output2_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE );
+ TEST_LE_U( output2_size,
+ PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE( key_type, key_bits, alg ) );
+ TEST_LE_U( output2_size, PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE );
ASSERT_ALLOC( output2, output2_size );
/* We test encryption by checking that encrypt-then-decrypt gives back
@@ -6537,7 +6537,7 @@
&output_length ) );
/* We don't know what ciphertext length to expect, but check that
* it looks sensible. */
- TEST_ASSERT( output_length <= output_size );
+ TEST_LE_U( output_length, output_size );
PSA_ASSERT( psa_asymmetric_decrypt( key, alg,
output, output_length,
@@ -6592,7 +6592,7 @@
/* Determine the maximum ciphertext length */
output_size = PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
- TEST_ASSERT( output_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE );
+ TEST_LE_U( output_size, PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE );
ASSERT_ALLOC( output, output_size );
PSA_ASSERT( psa_asymmetric_decrypt( key, alg,
@@ -6665,7 +6665,7 @@
output, output_size,
&output_length );
TEST_EQUAL( actual_status, expected_status );
- TEST_ASSERT( output_length <= output_size );
+ TEST_LE_U( output_length, output_size );
/* If the label is empty, the test framework puts a non-null pointer
* in label->x. Test that a null pointer works as well. */
@@ -6680,7 +6680,7 @@
output, output_size,
&output_length );
TEST_EQUAL( actual_status, expected_status );
- TEST_ASSERT( output_length <= output_size );
+ TEST_LE_U( output_length, output_size );
}
exit:
@@ -7021,8 +7021,8 @@
if( PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) )
{
PSA_ASSERT( psa_get_key_attributes( keys[i], &attributes1 ) );
- TEST_ASSERT( PSA_BITS_TO_BYTES( psa_get_key_bits( &attributes1 ) ) <=
- PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE );
+ TEST_LE_U( PSA_BITS_TO_BYTES( psa_get_key_bits( &attributes1 ) ),
+ PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE );
}
PSA_ASSERT( psa_key_derivation_input_key( &operation,
@@ -7550,7 +7550,6 @@
size_t output_length = ~0;
size_t key_bits;
- ASSERT_ALLOC( output, expected_output->len );
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
@@ -7563,16 +7562,47 @@
PSA_ASSERT( psa_get_key_attributes( our_key, &attributes ) );
key_bits = psa_get_key_bits( &attributes );
+ /* Validate size macros */
+ TEST_LE_U( expected_output->len,
+ PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( our_key_type, key_bits ) );
+ TEST_LE_U( PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( our_key_type, key_bits ),
+ PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE );
+
+ /* Good case with exact output size */
+ ASSERT_ALLOC( output, expected_output->len );
PSA_ASSERT( psa_raw_key_agreement( alg, our_key,
peer_key_data->x, peer_key_data->len,
output, expected_output->len,
&output_length ) );
ASSERT_COMPARE( output, output_length,
expected_output->x, expected_output->len );
- TEST_ASSERT( output_length <=
- PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( our_key_type, key_bits ) );
- TEST_ASSERT( output_length <=
- PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE );
+ mbedtls_free( output );
+ output = NULL;
+ output_length = ~0;
+
+ /* Larger buffer */
+ ASSERT_ALLOC( output, expected_output->len + 1 );
+ PSA_ASSERT( psa_raw_key_agreement( alg, our_key,
+ peer_key_data->x, peer_key_data->len,
+ output, expected_output->len + 1,
+ &output_length ) );
+ ASSERT_COMPARE( output, output_length,
+ expected_output->x, expected_output->len );
+ mbedtls_free( output );
+ output = NULL;
+ output_length = ~0;
+
+ /* Buffer too small */
+ ASSERT_ALLOC( output, expected_output->len - 1 );
+ TEST_EQUAL( psa_raw_key_agreement( alg, our_key,
+ peer_key_data->x, peer_key_data->len,
+ output, expected_output->len - 1,
+ &output_length ),
+ PSA_ERROR_BUFFER_TOO_SMALL );
+ /* Not required by the spec, but good robustness */
+ TEST_LE_U( output_length, expected_output->len - 1 );
+ mbedtls_free( output );
+ output = NULL;
exit:
mbedtls_free( output );